Weekly News Roundup May 23-27, 2022


Posted by Kacy Zurkus

How do you feel about podcasts? If you’re like me, when I find a series that I like, I binge. But if I’m being honest, finding a good podcast (outside of the RSAC 365 podcast series, of course) is a lot of work. I rely on my sister for recommendations, and it appears I’m not the only one who looks to others for podcast referrals.

The New York Times shared a list of six podcasts, all of which “tap into the dangers of our wired life, exploring cybercrime, cryptocurrency and the many flavors of horror that lurk on the dark web.” Lots of delicious listening for cyber-minded individuals.

Podcasts are a great source of entertainment and education that many of us enjoy listening to while exercising, driving, folding laundry, or traveling. Are you traveling anywhere soon? (Of course you are!) If you’re looking for in-flight entertainment on your way to San Francisco, check out these ITSP podcast hosts, many of whom will be speaking at RSA Conference 2022 in less than two weeks. Or, download Your Everyday Cyber Podcast with Limor Kessem and Diana Kelley, then be sure to reserve a seat for The Jetsons Are Here – Now What Are the Security Implications, where you can hear Diana and her esteemed co-panelists discuss the security implications of our interconnected world.

Want to join us as an RSAC 365 podcast guest? Visit www.rsaconference.com/becomeacontributor to submit an idea on a topic you’re most interested in.

Now let’s take a look at what made cybersecurity headlines this week.

May 27: The Hacker News reported, “Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information.”

May 27: CISA added three batches of software bugs to its catalog of known vulnerabilities that must be patched, bringing the total patch warnings to 75 for this week.

May 26: A new report published by Crossword Cybersecurity Plc found that of the more than 200 CISOs and senior cybersecurity professionals who participated in the survey, 40% expect their security strategy to be obsolete in only two years’ time.

May 26: According to Wired, allegations by the Chinese government that the US is engaging in cyberespionage “appear to rely on years-old technical details, which are already publicly known and don’t contain fresh information.”

May 26: “The Space Systems Command on May 26 rolled out a new process to assess the cybersecurity of commercial satellite operators that do business with the Defense Department,” SpaceNews reported.

May 26: Government agencies issued new 5G security guidance to help federal organizations implement security strategies that align with the “authority to operate” process.

May 25: “The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable volume since the start of the year, causing the browser hijack to become a widespread threat,” BleepingComputer reported.

May 25: Twitter’s Chief of Privacy wrote in a blog post, “On May 25, 2022, Twitter reached a settlement with the Federal Trade Commission (FTC) regarding a privacy incident disclosed in 2019 when some email addresses and phone numbers provided for account security purposes may have been inadvertently used for advertising.”

May 24: PortSwigger reported, “Chicago Public Schools (CPS) has warned parents that the personal records of more than 495,000 children may have been exposed as the result of a ransomware attack on a third-party supplier … Battelle for Kids, an Ohio-based non-profit with a mission to modernize school systems.”

May 23: “While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found,” Threatpost reported.

Contributors
Kacy Zurkus

Content Strategist, RSA Conference
